Ensuring Consistency of Critical Systems in Agile Development

V1.1 | 2018-10-03

Helmut Bunge, Samir Sarkic, Bosch
Dr. Christof Ebert, Kai Ruedele, Vector Consulting Services


Bosch – technology to enhance quality of life

Some 59,000 (1) researchers and developers work at Bosch: at 120 (2) locations worldwide, in a single network.

Bosch is one of the world’s leading international providers of technology and services.

Over the past six years, Bosch has invested more than 27 billion euros in research and development.

Our objective: to develop innovative, useful, and exciting products and solutions to enhance quality of life – technology that is “Invented for life.”

(1) As of 12.16   (2) R&D locations with >50 associates, as of 12.16

Internal | C/CCB, C/CCD | December 2017 © Robert Bosch GmbH 2016. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.

2/21


© 2018. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.1 | 2018-10-03

Vector Consulting Services

Industries: Transport, Automotive, Aerospace, Medical, Digital Transformation, IT & Finance

Vector is the global market leader in automotive software and engineering toolchains, with over 2,000 employees.

Vector Consulting Services supports clients worldwide:
- Product development, IT and change management
- Processes, tools, trainings, coaching, transformation, interim support
- Agile, cybersecurity, safety, ASPICE, requirements engineering, etc.

www.vector.com/consulting
www.vector.com/consulting-career

3/21


Agenda

1. Welcome
2. Motivation
3. Ensuring Consistency in Agile Development
4. Conclusions and Outlook

4/21


Motivation – Vector Client Survey 2018: Security and Safety are Major Challenges

Safety and cybersecurity have arrived as major challenges – now and in the future. Solution: agile innovation.

[Chart: “Magic Triangle” – short-term challenges (horizontal axis, 0–70%) plotted against mid-term challenges (vertical axis, 0–80%) for the categories Innovation, Competences, Efficiency, Flexibility, Distributed teams, Connectivity, Safety and security, Complexity, Digital transformation, Compliance, Others.]

Vector Client Survey 2018. Details: www.vector.com/trends.

Sum > 200% due to 5 answers per question. Strong validity with >4% response rate of 2,000 recipients from different industries worldwide.

5/21


Motivation – Overview: Agile Safety and Cybersecurity

Vision: Safe and secure product release within a few hours, with a formal approval process and documentation. This allows reacting fast to cybersecurity attacks with safety impact.

Challenge: Frequent and late changes in safety-related product development are often hindered because they take too much effort to release with the right quality level.

Solution: Agile safety analysis process supported by semi-automated tooling: method, organization, tooling.

This presentation presents the evolution path to integrate agile and safety/security. With the growth of IoT and the convergence of IT and embedded systems, it applies to practically all industries.

6/21



Ensuring Consistency in Agile Development – Method: Model-Based Dependency Analysis (1/2)

Traceability from changes based on hierarchic modelling and update of analysis and tests.

[Figure: hierarchic model with four levels – System Requirements, Logical System Architecture, Component Architecture, Simulation / Implementation – and the analyses and tests linked to them: System FTA/FMEA, Component FTA/FMEA, Fault Injection / TDD. The example model is a power mirror control: components PowerMirrorCtrl, SwitchMatrix, PowerMirrorPass, PowerMirrorDriver and PowerManagement with x/y/sel/KeyIn ports (pm_pass_*, pm_driv_*, PM_x, PM_y, PM_selection); assembly net with Body Ctrl, Driver Door Ctrl, Pass Door Ctrl, Gateway, SwitchMatrix, PassengerMirror, DriverMirror, BatMng, Ground and PowerSupply, connected via DoorLIN:LIN and CANPT:CANC.]

8/21


Ensuring Consistency in Agile Development – Method: Model-Based Dependency Analysis (2/2)

Simplified example: an activity diagram (SysML) helps to investigate the impact of changes.

Based on this “effect chain analysis” the related tasks for the safety analysis update can be identified (e.g. are safety-related operations affected by the change?).

Scenario: a “small change” leads to a negative impact on safety.

Challenge: early detection of safety impact.

Target: “continuous” safety analysis.
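The effect-chain analysis described above, as an added example that is not the authors' or either company's tooling: a constructed traceability model of the slide's power mirror system, where a change in one element is propagated over "depends on" trace links to find the affected safety-related elements and the analyses and tests that must be updated. The element names, levels, safety flags and the level-to-work-product mapping are assumptions.

```python
from collections import deque
# Constructed traceability model of a power mirror control in the spirit of the
# slide's example; element names, levels and safety flags are assumptions.
# element -> (model level, safety-related?)
ELEMENTS = {
    "REQ-1 mirror follows switch":         ("SystemRequirements", False),
    "REQ-2 no mirror motion when key out": ("SystemRequirements", True),
    "LA PowerMirrorCtrl":                  ("LogicalArchitecture", True),
    "CA SwitchMatrix":                     ("ComponentArchitecture", False),
    "CA PowerMirrorDriver":                ("ComponentArchitecture", True),
    "CA PowerManagement":                  ("ComponentArchitecture", True),
    "IMPL switch_matrix.c":                ("Implementation", False),
    "IMPL power_mgmt.c":                   ("Implementation", True),
}
# "depends on" trace links: a change in any target may affect the source.
DEPENDS_ON = {
    "REQ-1 mirror follows switch": ["LA PowerMirrorCtrl"],
    "REQ-2 no mirror motion when key out": ["LA PowerMirrorCtrl"],
    "LA PowerMirrorCtrl": ["CA SwitchMatrix", "CA PowerMirrorDriver", "CA PowerManagement"],
    "CA PowerMirrorDriver": ["CA SwitchMatrix", "CA PowerManagement"],
    "CA SwitchMatrix": ["IMPL switch_matrix.c"],
    "CA PowerManagement": ["IMPL power_mgmt.c"],
}
# (safety analysis, regression test) attached to each level; assumed mapping.
WORK_PRODUCTS = {
    "SystemRequirements":    ("System FTA/FMEA", "system regression tests"),
    "LogicalArchitecture":   ("System FTA/FMEA", "integration regression tests"),
    "ComponentArchitecture": ("Component FTA/FMEA", "component regression tests"),
    "Implementation":        ("fault injection", "unit tests (TDD)"),
}

def effect_chain(changed, depends_on=DEPENDS_ON):
    """Breadth-first walk to everything that transitively depends on `changed`."""
    dependents = {}  # inverted links: element -> elements that depend on it
    for src, targets in depends_on.items():
        for target in targets:
            dependents.setdefault(target, []).append(src)
    seen, queue = {changed}, deque([changed])
    while queue:
        for dep in dependents.get(queue.popleft(), []):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen

def impact(changed):
    """Tests re-run on every affected level; analyses updated only where safety is hit."""
    affected = effect_chain(changed)
    safety_hit = sorted(e for e in affected if ELEMENTS[e][1])
    return {
        "affected": sorted(affected),
        "safety_related": safety_hit,
        "rerun_tests": sorted({WORK_PRODUCTS[ELEMENTS[e][0]][1] for e in affected}),
        "update_analyses": sorted({WORK_PRODUCTS[ELEMENTS[e][0]][0] for e in safety_hit}),
    }
```

Calling impact("IMPL switch_matrix.c") shows the slide's scenario: a change in the switch matrix, which is not safety-related by itself, propagates to the safety-related driver and controller, so the component and system FTA/FMEA need an update.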

9/21


Ensuring Consistency in Agile Development – Method: Continuous Regression Testing

Similar to safety, security needs to be an integrated part of the development process. For efficient and fast ramp-up, connect security with the existing safety governance.

[Figure: safety lifecycle and security lifecycle side by side, both starting from Features and Operation Scenarios and sharing the Safe / Secure Implementation of Nominal Functions. Legend: Safety Activity, Safety Verification on Unit Level; Security Activity, Security Verification on Unit Level.]

Safety activities:
- Hazard and Risk Assessment
- Safety Goals
- Functional Safety Concept
- Technical Safety Concept
- Implementation of Safety Mechanisms
- Verify Safety Mechanisms
- Test Safety Mechanisms
- Validate Safety Assumptions
- Safety Case
- Safety Operations

Security activities:
- Assets and Attack Potentials
- Threat and Risk Assessment
- Security Goals
- Security Architecture
- Technical Security Concept
- Implementation of Security Mechanisms
- Verify Security Mechanisms
- Test Security Mechanisms, Pen Tests
- Validate Security Assumptions
- Security Case
- Security Operations

10/21


Ensuring Consistency in Agile Development – Organization: Scaled Agile with Safety Integration

Coordinate safety via “Scrum of Scrums”, with focus on safety impact coordination.

Coordinate “change waves”, e.g. an update of HW leads to a significant SW and safety update.

Semi-automated safety analysis to detect unexpected side effects.

[Figure: Scrum of Scrums spanning Testing Team, HW Team, SW Team 1 and SW Team 2 at Locations 1–3.]

Challenge: manage dependencies between teams in case of safety-related changes.

11/21


Ensuring Consistency in Agile Development – Organization: Test-oriented Requirements Engineering (TORE) with Agile Teams

Agile teams initially clarify the test set-up based on hierarchic requirements and models.

[Figure: team structure with Kanban Board and Scrum of Scrums across Testing Team, HW Team, SW Team 1, SW Team 2 and Mechanical Team at Locations 1–3, with Safety Manager and Safety Engineering attached. Legend: SW Lead Team 1, SW Lead Team 2, Technical Lead Testing, Team Member, Hardware Lead, Mechanical Lead, Chief Technical Lead.]

12/21


Ensuring Consistency in Agile Development – Tools: Integrated Safety Tools

Why is the tooling important?

Safety analysis depends on:
- the respective scope, i.e. system, SW and HW design
- specific safety requirements
- dependencies from the cybersecurity threat analysis

[Figure: interface from design to safety analysis – a loop between Requirements, Architecture + Design and Safety Analysis: 1 Develop, 2 Analyse, 3 Improve.]

Changes have complex dependencies and interactions across work products. Tooling is mandatory for efficient and consistent change handling.

13/21


Ensuring Consistency in Agile Development – Tools: Support for Consistency in Agile Development

Benefits from automated tools:
- Maintaining the continuous safety case with the necessary documentation in agile incremental deliveries of critical systems
- Efficient implementation of cybersecurity and functional safety during changes
- Full life-cycle support from requirements to concept, design, test and after-sales
- Traceability and governance
- Support for heterogeneous environments
- Evolution to automated generation of safety analysis based on detailed modeling of static and dynamic aspects

[Figure: Continuous Safety Case, supported by Vector SafetyCheck / SecurityCheck, PREEvision Safety support and the Bosch DASP Workbench.]

14/21



Conclusions and Outlook – Conclusion: Safety/Security are Possible in Agile Development

Integration of safety and cybersecurity in agile projects is possible and has benefits…

…if the following conditions are fulfilled:

Methods
> Consistency across work products from HARA/TARA to safety/security goals and requirements to design, implementation, (regression) test and safety/security case documentation.

Organization
> Safety team is integrated in the agile team (safety manager / safety engineer).
> Agile team has the necessary safety and security competences.

Tools
> Sufficient tool-based traceability (requirements, architecture, tests, change sets, ...) is established.
> Safety tooling supports interfaces to design tools (system, SW, HW).

Safety and cybersecurity engineering must be integrated with software development. Systematic integration ensures efficient and robust development in an agile context.

16/21


Conclusions and Outlook – Evolution: Critical Systems Demand Agility Scaling

[Figure: risk/criticality (low to high) plotted against governance and flexibility/continuity, with Vector ACE positioned on it. Source: Ebert, Requirements Engineering, 2018.]

Agility for safety and cybersecurity needs profound methodology and guidance.

17/21


Conclusions and Outlook – Further Information: Automotive E/E Trends

Mobility: From driving to multi-modal mobility services and sharing culture.

Business models: From incumbent tiered supply chain to flexible new players from the IT industry.

E/E architecture: From distributed electronic controllers to standardized three-tier architecture.

IT architecture: From proprietary building blocks to open IT systems with off-the-shelf components and adaptive SOA.

Development lifecycle: From the classic V model with rather heavy release cycles to an agile, DevOps-like approach.

Governance: From encapsulated safety-critical functions to interwoven quality assurance for liability, safety, cybersecurity, privacy.

Culture: From R&D vs. IT separation to convergence.

Competences: From automotive embedded electronics to IT as a core competence of all engineers.

Contact Vector for white papers, technical benchmarks and consulting.

Source: IEEE Software May 2017 (Vector Guest Edited). www.vector.com/consulting-mediacenter

18/21


Conclusions and Outlook – Agile in Practice

Vector Forum 2019: The Agile Organization – Adaptive, Distributed, Scaling Agile for Critical Systems

27 June 2019 in Stuttgart

Practical experiences from global leaders, across industries. Enhance your competences. Grow your networks.

Details: www.vector.com/forum19

19/21


Conclusions and Outlook – More Information

Vector:
[email protected]
www.vector.com/consulting
@VectorVCS

Bosch:
[email protected]
[email protected]
www.bosch-mobility-solutions.com

20/21


Thank you for your attention. For more information please contact us.

Passion. Partner. Value.

Vector Consulting Services
@VectorVCS
www.vector.com/consulting
[email protected]
Phone: +49-711-80670-0